Chat now with support
Chat with Support

Identity Manager 8.0 - IT Shop Administration Guide

Setting up an IT Shop Solution
One Identity Manager Users in the IT Shop Putting the IT Shop into Operation Requestable Products Preparing Products for Requesting Assigning and Removing Products Preparing the IT Shop for Multi-factor Authentication Assignment Requests and Delegating Creating IT Shop Requests from Existing User Accounts, Assignments and Role Memberships Adding Groups Automatically to the IT Shop
Approval Processes for IT Shop Requests
Editing Approval Policies Approval Workflows Determining Effective Approval Policies Selecting Responsible Approvers Request Risk Analysis Testing Requests for Rule Compliance Approving Requests from an Approver Automatic Request Approval Obtaining Other Information about Requests by an Approver Appointing Other Approvers Setting up an Approval Step Approvers cannot be Established Automatic Approval on Timeout Abort Request on Timeout Approval through Chief Approval Team Approving Requests with Terms of Use Using Default Approval Processes
Request Sequence Managing an IT Shop
IT Shop Base Data Setting up IT Shop Structures Setting Up a Customer Node Deleting IT Shop Structures Templates for Automatically Filling the IT Shop Creating Custom Mail Templates for Notifications request templates
Default Solution for Requesting System Entitlements Error Handling Appendix: Configuration Parameters for the IT Shop Appendix: Request Statuses Appendix: Example of Request Results

Deleting an Active Directory Group

Deleting an Active Directory group

Installed Module: Active Directory Module
Table 136: Default Product for Deleting an Active Directory Group
Product Deleting an Active Directory group
Service category Not assigned
Shelf Identity & Access Lifecycle | Group Lifecycle
Approval policies/approval workflows Approval of Active Directory group deletion requests

Product owners and target system managers can request deletion of an Web Portal group in the Active Directory. The product owner or target system manager must grant deletion approval. The group is deleted in One Identity Manager and the change is published.

Prerequisites

  • The group can be requested in the IT Shop.
  • Employees are assigned to the application role Target system | Active Directory.

Requesting Groups Memberships

Requesting Groups Memberships

Installed Module: Active Directory Module

SharePoint Module

Table 137: Default Objects for Requesting Group Memberships
Shelves: Identity & Access Lifecycle\Active Directory groups

"Identity & Access Lifecycle\SharePoint groups

Approval policies/approval workflows Approval of Active Directory group membership requests

Approval of Active Directory group membership II requests (if Active Roles Module is installed)

Approval of group membership requests

Product owners and target system managers can request members for groups in these shelves in the Web Portal. The respective product owner or target system manager must grant approval for this modification. The changes are published in the target system.

Related Topics

Error Handling

Troubleshooting

Timeout on Saving Requests

If new requests are saved in bulk in the database a timeout may occur, after importing data, for example.

Probable reason

By default, the approvers responsible are determined during saving. This delays the saving process. No more actions can take place in One Identity Manager until all requests are saved and therefore, all approvers have been found. Depending on the system configuration, this may cause a timeout to occur when large amounts of data are being processed.

Solution
  • Disable the configuration parameter "QER\ITShop\DecisionOnInsert" in the Designer.
Effect
  • The requests are saved and a calculation task for determining approvers is queued in the DBQueue. Approvers responsible are determined outside the save process.
  • If the requester is also the approver, the approval step is not automatically granted approval. Approvers must explicitly approve their own requests. For more information, see Automatic Request Approval.
  • Automatic approval decisions are also met if necessary, but delayed. This affects requests with self-service, for example.
Related Documents